CEBS GBA Exam 3
(1) Understanding fiduciary responsibility.
-Committee members should be aware of
what their fiduciary responsibilities are and what liability they have.
(2) Education about functioning as a committee.
-Knowledge of techniques for inviting participation and encouraging different points of view,
as well as avoiding common group pitfalls, can help a committee make better decisions as
a group.
(3) Investment education.
-Committee members are likely to have varying degrees of investment knowledge and
sophistication. Because they will be ultimately
responsible for making investment decisions on the plan's behalf, committee members
should have a fundamental understanding of investment concepts. - ANS-Educating
committee members is critical to the long term success of the committee as a governing
body. Committee education can be broken down into 3 important segments. What are these
segments? (Mod 3.2)
(a) A plan document must exist for each plan
(b) A summary plan description (SPD) must be furnished automatically to participants
(c) A summary of material modifications (SMM) must be furnished automatically to
participants when a plan is amended
(d) A four-page summary of benefits and coverage (SBC) must be provided to applicants
and enrollees before enrollment or reenrollment
(e) Copies of certain plan documents must be furnished to participants and beneficiaries
upon written request
(f) Claim procedures must be established and followed when processing benefits claims and
when reviewing appeals of denied claims - ANS-What are the main disclosure requirements
under ERISA? (Mod 1.2)
(a) A plan sponsor may be charged a penalty per day if it does not provide a plan participant
with an SPD or SMM within 30 days of an individual's request.
(b) Many courts look to the SPD and other plan descriptive material as important evidence of
the benefits employees have been promised by the employer. For this reason, a clearly
worded SPD is an important line of defense for employers in benefit disputes.
(c) The plan may be forced to provide benefits described in any other written documents
describing the plan.
(d) Participants and beneficiaries may bring a civil action in federal district court to enforce
any provision of ERISA.
(e) Criminal penalties may be imposed against any individual or company that willfully
violates any ERISA reporting and disclosure requirements.
(f) Failure to distribute SPDs or SMMs could be used against the plan sponsor, in actions
brought by the gov't or plan participants and benef - ANS-List the problems or penalties a
plan sponsor might incur if they do not provide SPDs or SMMs as required (Mod 1.4)
,(a) As a named beneficiary, unless the spouse consents to another beneficiary
(b) If a retirement plan provides a qualified joint and survivor annuity or a qualified
preretirement survivor annuity, the same-sex spouse would be entitled to these
benefits.
(c) In regard to minimum distribution and rollover rules
(d) In regard to withdrawals, loans and hardship distributions
(e) In regard to alternative payee rights for distributions under a qualified domestic relations
order
(f) In regard to family attribution and other ownership rules applicable to retirement plans -
ANS-Guidance provided by IRS affirms that a legally married same sex spouse must be
treated as a spouse for all qualified pension and retirement benefit plan purposes. List some
of these purposes (Mod 3.1)
(a) Define security obligations.
(b) Identify reporting and monitoring responsibilities.
(c) Conduct periodic risk assessments (ongoing monitoring, reviewing, and updating of
agreed-upon practices).
(d) Establish due diligence standards for vetting and tiering providers based on the
sensitivity of data being shared.
(e) Consider whether the service provider has a cybersecurity program, how data is
encrypted, liability for breaches, etc. - ANS-What are the steps that a plan fiduciary should
consider when selecting and contracting with service providers? (Mod 4.4)
(a) Failure to install security system updates
(b) E-mail hoax (phishing attack)
(c) Downloads of plan information to a home computer
(d) Social Security numbers mailed to wrong addresses
(e) Using the same password for multiple clients - ANS-List data breaches that have
occurred with retirement plans (Mod 4.2)
(a) Followup on discussion from previous committee meetings
(b) Review of investment performance and investment options
(c) Review of legislative and regulatory updates: Has anything in the regulatory or
legislative environment changed that would affect the plan?
(d) Review of vendor services and fees
(e) Review of the IPS: Is it still in line with the needs of the overall investment program?
(f) Discussion of any potential plan improvements. - ANS-List the topics that should be
covered in investment committee meetings (Mod 3.2)
(a) Health benefits
(b) Qualified tuition reduction
(c) Meals and lodging provided as a condition of employment
(d) Dependent care benefits
(e) No-additional-cost services
(f) Qualified employee discounts
(g) Working condition fringe benefits
(h) Qualified transportation fringe benefits
(i) De minimis fringe benefits
,(j) Qualified moving expenses
(k) Qualified retirement planning services
(l) Access to on-premises gyms and other athletic facilities. - ANS-List the benefits that an
ER may provide to an EE's same-sex spouse tax-free under federal law (Mod 2.2)
(a) Highlight the value of employee benefits
(b) Create involvement and ownership with employees
(c) Encourage better utilization of benefits
(d) Support and facilitate benefits administration
(e) Satisfy legal requirements - ANS-List the factors that influence the shape and scope of
an organization's benefit communications (Mod 3.3)
(a) HIPAA and its business associate requirements
(b) Federal Trade Commission (FTC) data security enforcement actions against company
failures to oversee service providers with access to personal information
(c) State information security laws requiring oversight of data-related service providers
(d) The Gramm-Leach-Bliley Act controlling the ways financial institutions deal with private
information of individuals
(e) Payment Card Industry Data Security Standards - ANS-What are key governing laws,
enforcement actions and industry standards requiring service provider management of
regulated personal information? (Mod 4.3)
(a) IRAs:
Employers may offer employees the option to participate in an IRA in addition to a qualified
retirement plan. Employer IRA contributions are included in the income of employees but
they are not subject to FIT withholding up to the
amount the employer reasonably believes employees will be able to deduct on their personal
income tax returns. Income earned on contributions is not taxable until distributed to
employees. Employer contributions are subject to FICA and FUTA taxes.
(b) Roth IRAs:
Roth IRAs differ from standard IRAs in that contributions are not deductible from employee
income, and distributions are excluded from gross income if certain qualifications are met.
Employees can contribute the maximum
deductible amount for a standard IRA to a Roth IRA, excluding amounts contributed by the
employee to other IRAs in the same year. In addition, the amount that can be contributed to
a Roth IRA is phased out - ANS-Explain the taxability of the following types of retirement
accounts:
a) IRAs (Individual Retirement Accounts)
b) Roth IRAs
c) Simplified Employee Pension (SEP)
d) Employee Stock Ownership Plan (ESOP) (Mod 2.7)
(a) PII is information that can be used to distinguish or trace an individual's identity, such as
their name, social security number, biometric records, etc., both alone or when combined
with other personal or identifying information
that is linked or linkable to a specific individual, such as date and place of birth, mother's
maiden name, etc.
, (b) PHI is a term derived from the Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule standards that address the use and disclosure of individuals'
health information. PHI is defined as information that is a subset of health information,
including demographic information collected from an
individual, and:
(1) is created or received by a health care provider, health plan, employer, or health care
clearinghouse; and
(2) relates to the past, present, or future
physical or mental health or condition of an individual; the provision of health care to an
indivi - ANS-The data elements that benefit plans typically maintain and are subject to
regulatory oversight have been classified as (a) personally identifiable information (PII) and
(b) protected health information (PHI). Define these terms. (Mod 4.1)
(a) Plan administrator/plan sponsor
A plan administrator is a person with statutory responsibility for ensuring that all of the
required filings with the federal government are timely made and is the person upon whom
the statute imposes authority to make important disclosures
to participants about plan benefits. Generally, the plan administrator is designated in the plan
document. However, if the plan administrator is not so designated, then the responsibility
defaults to the plan sponsor, which is usually
the employer. Generally, in a single employer situation, the employer is the plan sponsor.
Therefore, the employer is ultimately responsible for all reporting and disclosure
requirements and should implement a process to make certain those responsibilities are
followed.
b) Participant:
The term participant has been interpreted broadly to include employees in, or reasonably
expected to be in, currently covered empl - ANS-Define each of the following ERISA terms:
a) plan administrator/sponsor
b) participant
c) beneficiary (Mod 1.2)
(a) Ransomware, where cybercriminals encrypt and seize an entire hard drive and will only
release it for a high ransom
(b) Phishing, where fraudulent e-mails are sent with the objective of enticing the user to
interact and inadvertently provide an avenue for a cybercriminal to infiltrate a computer
network
(c) Wire transfer e-mail fraud, where cybercriminals pretend to be senior executives
asking employees to transfer funds
(d) Malware via external devices, where intrusive and harmful software is stored on
an external drive that is inserted into and executed on a network computer. - ANS-Provide
examples of common cyberthreats in the environment where benefit plans operate (Mod 4.2)
(a) Research the audience to find out who they are, how they currently feel, what they want
to hear, what will motivate them or change their attitudes, and how and when to reach them.
(1) Understanding fiduciary responsibility.
-Committee members should be aware of
what their fiduciary responsibilities are and what liability they have.
(2) Education about functioning as a committee.
-Knowledge of techniques for inviting participation and encouraging different points of view,
as well as avoiding common group pitfalls, can help a committee make better decisions as
a group.
(3) Investment education.
-Committee members are likely to have varying degrees of investment knowledge and
sophistication. Because they will be ultimately
responsible for making investment decisions on the plan's behalf, committee members
should have a fundamental understanding of investment concepts. - ANS-Educating
committee members is critical to the long term success of the committee as a governing
body. Committee education can be broken down into 3 important segments. What are these
segments? (Mod 3.2)
(a) A plan document must exist for each plan
(b) A summary plan description (SPD) must be furnished automatically to participants
(c) A summary of material modifications (SMM) must be furnished automatically to
participants when a plan is amended
(d) A four-page summary of benefits and coverage (SBC) must be provided to applicants
and enrollees before enrollment or reenrollment
(e) Copies of certain plan documents must be furnished to participants and beneficiaries
upon written request
(f) Claim procedures must be established and followed when processing benefits claims and
when reviewing appeals of denied claims - ANS-What are the main disclosure requirements
under ERISA? (Mod 1.2)
(a) A plan sponsor may be charged a penalty per day if it does not provide a plan participant
with an SPD or SMM within 30 days of an individual's request.
(b) Many courts look to the SPD and other plan descriptive material as important evidence of
the benefits employees have been promised by the employer. For this reason, a clearly
worded SPD is an important line of defense for employers in benefit disputes.
(c) The plan may be forced to provide benefits described in any other written documents
describing the plan.
(d) Participants and beneficiaries may bring a civil action in federal district court to enforce
any provision of ERISA.
(e) Criminal penalties may be imposed against any individual or company that willfully
violates any ERISA reporting and disclosure requirements.
(f) Failure to distribute SPDs or SMMs could be used against the plan sponsor, in actions
brought by the gov't or plan participants and benef - ANS-List the problems or penalties a
plan sponsor might incur if they do not provide SPDs or SMMs as required (Mod 1.4)
,(a) As a named beneficiary, unless the spouse consents to another beneficiary
(b) If a retirement plan provides a qualified joint and survivor annuity or a qualified
preretirement survivor annuity, the same-sex spouse would be entitled to these
benefits.
(c) In regard to minimum distribution and rollover rules
(d) In regard to withdrawals, loans and hardship distributions
(e) In regard to alternative payee rights for distributions under a qualified domestic relations
order
(f) In regard to family attribution and other ownership rules applicable to retirement plans -
ANS-Guidance provided by IRS affirms that a legally married same sex spouse must be
treated as a spouse for all qualified pension and retirement benefit plan purposes. List some
of these purposes (Mod 3.1)
(a) Define security obligations.
(b) Identify reporting and monitoring responsibilities.
(c) Conduct periodic risk assessments (ongoing monitoring, reviewing, and updating of
agreed-upon practices).
(d) Establish due diligence standards for vetting and tiering providers based on the
sensitivity of data being shared.
(e) Consider whether the service provider has a cybersecurity program, how data is
encrypted, liability for breaches, etc. - ANS-What are the steps that a plan fiduciary should
consider when selecting and contracting with service providers? (Mod 4.4)
(a) Failure to install security system updates
(b) E-mail hoax (phishing attack)
(c) Downloads of plan information to a home computer
(d) Social Security numbers mailed to wrong addresses
(e) Using the same password for multiple clients - ANS-List data breaches that have
occurred with retirement plans (Mod 4.2)
(a) Followup on discussion from previous committee meetings
(b) Review of investment performance and investment options
(c) Review of legislative and regulatory updates: Has anything in the regulatory or
legislative environment changed that would affect the plan?
(d) Review of vendor services and fees
(e) Review of the IPS: Is it still in line with the needs of the overall investment program?
(f) Discussion of any potential plan improvements. - ANS-List the topics that should be
covered in investment committee meetings (Mod 3.2)
(a) Health benefits
(b) Qualified tuition reduction
(c) Meals and lodging provided as a condition of employment
(d) Dependent care benefits
(e) No-additional-cost services
(f) Qualified employee discounts
(g) Working condition fringe benefits
(h) Qualified transportation fringe benefits
(i) De minimis fringe benefits
,(j) Qualified moving expenses
(k) Qualified retirement planning services
(l) Access to on-premises gyms and other athletic facilities. - ANS-List the benefits that an
ER may provide to an EE's same-sex spouse tax-free under federal law (Mod 2.2)
(a) Highlight the value of employee benefits
(b) Create involvement and ownership with employees
(c) Encourage better utilization of benefits
(d) Support and facilitate benefits administration
(e) Satisfy legal requirements - ANS-List the factors that influence the shape and scope of
an organization's benefit communications (Mod 3.3)
(a) HIPAA and its business associate requirements
(b) Federal Trade Commission (FTC) data security enforcement actions against company
failures to oversee service providers with access to personal information
(c) State information security laws requiring oversight of data-related service providers
(d) The Gramm-Leach-Bliley Act controlling the ways financial institutions deal with private
information of individuals
(e) Payment Card Industry Data Security Standards - ANS-What are key governing laws,
enforcement actions and industry standards requiring service provider management of
regulated personal information? (Mod 4.3)
(a) IRAs:
Employers may offer employees the option to participate in an IRA in addition to a qualified
retirement plan. Employer IRA contributions are included in the income of employees but
they are not subject to FIT withholding up to the
amount the employer reasonably believes employees will be able to deduct on their personal
income tax returns. Income earned on contributions is not taxable until distributed to
employees. Employer contributions are subject to FICA and FUTA taxes.
(b) Roth IRAs:
Roth IRAs differ from standard IRAs in that contributions are not deductible from employee
income, and distributions are excluded from gross income if certain qualifications are met.
Employees can contribute the maximum
deductible amount for a standard IRA to a Roth IRA, excluding amounts contributed by the
employee to other IRAs in the same year. In addition, the amount that can be contributed to
a Roth IRA is phased out - ANS-Explain the taxability of the following types of retirement
accounts:
a) IRAs (Individual Retirement Accounts)
b) Roth IRAs
c) Simplified Employee Pension (SEP)
d) Employee Stock Ownership Plan (ESOP) (Mod 2.7)
(a) PII is information that can be used to distinguish or trace an individual's identity, such as
their name, social security number, biometric records, etc., both alone or when combined
with other personal or identifying information
that is linked or linkable to a specific individual, such as date and place of birth, mother's
maiden name, etc.
, (b) PHI is a term derived from the Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule standards that address the use and disclosure of individuals'
health information. PHI is defined as information that is a subset of health information,
including demographic information collected from an
individual, and:
(1) is created or received by a health care provider, health plan, employer, or health care
clearinghouse; and
(2) relates to the past, present, or future
physical or mental health or condition of an individual; the provision of health care to an
indivi - ANS-The data elements that benefit plans typically maintain and are subject to
regulatory oversight have been classified as (a) personally identifiable information (PII) and
(b) protected health information (PHI). Define these terms. (Mod 4.1)
(a) Plan administrator/plan sponsor
A plan administrator is a person with statutory responsibility for ensuring that all of the
required filings with the federal government are timely made and is the person upon whom
the statute imposes authority to make important disclosures
to participants about plan benefits. Generally, the plan administrator is designated in the plan
document. However, if the plan administrator is not so designated, then the responsibility
defaults to the plan sponsor, which is usually
the employer. Generally, in a single employer situation, the employer is the plan sponsor.
Therefore, the employer is ultimately responsible for all reporting and disclosure
requirements and should implement a process to make certain those responsibilities are
followed.
b) Participant:
The term participant has been interpreted broadly to include employees in, or reasonably
expected to be in, currently covered empl - ANS-Define each of the following ERISA terms:
a) plan administrator/sponsor
b) participant
c) beneficiary (Mod 1.2)
(a) Ransomware, where cybercriminals encrypt and seize an entire hard drive and will only
release it for a high ransom
(b) Phishing, where fraudulent e-mails are sent with the objective of enticing the user to
interact and inadvertently provide an avenue for a cybercriminal to infiltrate a computer
network
(c) Wire transfer e-mail fraud, where cybercriminals pretend to be senior executives
asking employees to transfer funds
(d) Malware via external devices, where intrusive and harmful software is stored on
an external drive that is inserted into and executed on a network computer. - ANS-Provide
examples of common cyberthreats in the environment where benefit plans operate (Mod 4.2)
(a) Research the audience to find out who they are, how they currently feel, what they want
to hear, what will motivate them or change their attitudes, and how and when to reach them.
